With the evolution of technologies like the Internet of Things (IoT), there will be more and more connected devices in use around the world. This is one of the reasons why cyber security is critical to contemporary society: it makes the large majority of people susceptible to cyber-attacks. Such cyber-attacks not only impact confidentiality, integrity, and availability but can also cause physical damage, as attacks like Stuxnet and the one on a German steel mill have shown. Effective security incident management plays an important role in minimising the negative impact of such attacks, mainly in terms of organizations' finances, reputation, and personnel safety. Typically, the main phases of security incident management are: (i) preparation, (ii) mid-incident, and (iii) post-incident. A diverse set of concepts, such as Structured Threat Information Expression (STIX) and Incident Object Description Exchange Format (IODEF), is used in these phases of security incident management. However, a comprehensive overview of the different concepts and the relationships between them in security incident management is missing. In this paper, we develop an ontology model of the relevant concepts and the relationships between them, focusing on the mid-incident and post-incident phases of security incident management. Furthermore, we demonstrate the proposed ontology model using the Colonial Pipeline incident as a case study. The proposed model will help incident responders to operationalise these concepts by giving them a clear understanding of the different concepts and their relationships, which in turn would also make incident response more effective in practice.
Cyber Operations have stopped being utopian or science-fiction scenarios: they have become reality. When planning and conducting them, military actors encounter difficulties, since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labelled Military Advantage, Collateral Damage and Military Disadvantage, which aims to support the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review of the literature, military doctrine and methodologies was conducted, combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical-military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts, plus four face-to-face meetings with another four military experts.